Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

Facebook’s engineers’ solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

  • Aniki 🌱🌿 · ↑117 ↓14 · 3 months ago

    This is blatantly circumventing encryption and a violation of the DMCA, but let’s see the DoJ do fuck all about it.

    Right, Biden? Facebook, Good, Tiktok, bad?

    • gravitas_deficiency@sh.itjust.works · ↑61 ↓5 · 3 months ago

      Two things can be bad at once.

      What Meta did/is doing here is unbelievably shitty (but not that shocking).

      That in no way diminishes the incredibly serious implications of TikTok being wholly owned and operated by a PRC-based company, which comes with the implicit but very real and crucial caveat that the CCP will tell you to just quietly do things with your company sometimes, and if you don’t do it, you go to jail indefinitely.

      • Shyfer@ttrpg.network · ↑20 ↓1 · 3 months ago

        But then it just comes off hypocritical and disingenuous if you selectively apply pressure. Then it just looks like you’re trying to give a competitive edge to US evil social media and preventing youth from learning about the situation in Palestine.

        • Promethiel@lemmy.world · ↑7 ↓1 · edited · 3 months ago

          > Then it just looks like you’re trying to give a competitive edge to US evil social media.

          This is not just probable but certain; the whole thing is a very long way of saying this. In a world where the US worked for its citizens, this is a national security no-brainer. But we don’t live in a world where the spirit of things is followed when you can enrich yourself skirting the letter. Shit sucks, but this is not a secret conspiracy; it’s realpolitik.

          > and preventing youth from learning about the situation in Palestine.

          This one is more subjective…and also still probable for the same fucking reasons and good luck sharing the fact that you can act in a so-called ‘security’-driven purpose and this is the perfect time to do sneaky shit. As if all of History wasn’t rife with examples with the Patriot Act being the first USA-centric coming to mind amongst fuck what, hundreds?

          That is also realpolitik, and all the players know it. Shit sucks.

        • Cethin@lemmy.zip · ↑1 · edited · 3 months ago

          It is absolutely giving an edge to “evil” (morality doesn’t matter in politics, especially international politics, and TikTok isn’t good anyway) US social media. China literally blocks all western social media. Everyone plays this game, and TikTok shouldn’t be on a pedestal just because you like using it.

          > preventing youth from learning about the situation in Palestine

          OK, I really don’t think this has anything to do with it. There are many more places people are discussing this, like Lemmy for instance, that aren’t targeted. I’m sure you can find the same conversations happening on Reddit, Facebook, or whatever other social media. TikTok, though increasingly used for news, is not the only source of news about Palestine, nor is it the best. Short format content will never be good for detailed discussion of news and anyone thinking they’re getting thorough news in that format should reconsider.

      • knightly@pawb.social · ↑8 ↓5 · 3 months ago

        I’d only accept the TikTok argument when it gets applied to all social media companies in equal measure.

        We don’t need one-off bans that let the worst offenders get away with exploiting people’s personal data. We need a bill of privacy rights.

        • Pips@lemmy.sdf.org · ↑6 ↓3 · 3 months ago

          So your argument is if the regulation isn’t perfectly applied to every possible instance of a potential violation simultaneously, then it should never be applied? How does that make any sense?

          • Leg@lemmy.world · ↑3 · 3 months ago

            I think it’s a reasonable request that regulations be consistently applied rather than utilized at the whims of corporate favoritism. Facebook deserved a ban well before tiktok was an entity.

          • knightly@pawb.social · ↑4 ↓3 · edited · 3 months ago

            As opposed to selective enforcement of regulation mostly informed by nationalism and insider trading?

            How is this even a question. XD

          • knightly@pawb.social · ↑3 ↓5 · edited · 3 months ago

            If you take off the nationalist filter you’ll see that they are the same issue.

            Social networks don’t need middlemen, middlemen need social networks that rely on server/client architecture they can exploit.

    • lurch@sh.itjust.works · ↑8 ↓1 · 3 months ago

      While I agree Facebook is also bad, the Tiktok thing is entirely different, because the legal issue is sending American citizens’ data out to China, which the users agreed to give to Tiktok, but the government doesn’t want to be sent to China. The Facebook crime is secretly snooping without proper user consent.

        • Aatube@kbin.melroy.org · ↑7 ↓9 · 3 months ago

          That would be if they downloaded the uploaded Snapchats. This takes out web traffic, aka which “locations” your device visited, which 1. isn’t protected by copyright since it’s not a work 2. hasn’t been to Snapchat’s encryption yet. That time Bethesda accidentally shipped a DRM-free version of Doom along with the main version, I don’t think opening the DRM-free one would count as circumventing.

          The relevant laws here should be about privacy and hacking.

          • Aniki 🌱🌿 · ↑9 ↓3 · edited · 3 months ago

            Why did you ask if you already had your answer then? The DMCA has no carve outs.

            • Aatube@kbin.melroy.org · ↑11 ↓1 · edited · 3 months ago

              Because you may have seen some angle I didn’t anticipate.

              Not sure what you mean about carveouts.

              • knightly@pawb.social · ↑3 · 3 months ago

                There are no exceptions for fair use; if you break the encryption at all then you’re in violation of the DMCA.

                • Aatube@kbin.melroy.org · ↑2 ↓3 · 3 months ago

                  1. They technically (and legally) didn’t break it as they’re intercepting the traffic before it gets encrypted.
                  2. Not all encryption is DRM and covered by the DMCA. Hacking into and decrypting an encrypted database of passwords is violating hacking laws, not the DMCA. Same would apply to traffic data.

                  Note that IANAL.

                  • knightly@pawb.social · ↑6 · 3 months ago

                    The DMCA is also not specific to the method. Bypassing encryption is legally the same as breaking it.